
The Third Edition of this proven All-in-One exam guide provides total coverage of the CISSP certification exam, which has again been voted one of the Top 10 IT certifications in 2005 by CertCities. This edition has been revised and updated using feedback from instructors and students. Learn security operations in the areas of telecommunications, cryptography, management practices, and more. Plan for continuity and disaster recovery. Update your knowledge of laws, investigations, and ethics. Plus, run the CD-ROM and practice with more than 500 all-new simulated exam questions. Browse the all-new electronic book for studying on the go. Let security consultant and author Shon Harris lead you to successful completion of the CISSP.

Product Description

From the Back Cover

Prepare to pass…the CISSP certification exam

Get complete up-to-date coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam inside this all-inclusive resource. With full treatment of all the 10 exam domains, as developed by the International Information Systems Security Certification Consortium (ISC)², this definitive tool contains learning objectives at the beginning of each chapter, sidebars with in-depth technical explanations, practice questions, and real-world scenarios. Detailed and authoritative, this dual-purpose volume serves as both a comprehensive certification study guide and a fundamental on-the-job reference.

Get full details on all 10 subject areas covered on the exam:

Access control systems and methodology

Applications and systems development security

Business continuity planning and disaster recovery planning

Cryptography

Law, investigation, and ethics

Operations security

Physical security

Security models and architecture

Security management practices

Telecommunications and network security

Included on the CD-ROM

Simulated exam with practice questions and answers

Complete electronic book

Cryptography CBT demo

About the Author

Shon Harris, CISSP, MCSE, is the president of Logical Security, a security consultant, and a former engineer in the Air Force’s Information Warfare unit. She has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the National Security Agency (NSA), Bank of America, and others. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Most helpful customer reviews

If I had to pick the worst IT book I have ever read, this one should be the top contender. Writing style is unbelievably poor and appropriate for girls' magazines, but not for a serious IT or technical book. The book is so irritating that I spent twice as much time reading it as I would have with another book on similar subject. Although all domains are somewhat covered in the book, they are not exact match for the requirements described in CBK. Some concepts described in official ISC2 course are not mentioned at all, while others, which are irrelevant to the exam contents, are described in fine details on tens of pages. Definitions in the book are fairly accurate since they are taken from other documents, but examples given to visualize them are amusing, to be polite. It appears that author has never actually performed any real work, but spent all her life teaching something she read from the books. Thus you can read that application level protocols are HTTP, FTP and WWW, or that DLL interprets voltages. In each chapter there are at least few amusements. CD is nothing to write home about, if you need good questions go for Krutz&Russel editions. All in all, don't waste your time over this book. If you have ever been on a course where instructor does not know what he is talking about, you'll know how I felt after reading this book.

After spending a few weeks agonizing over which book to buy, I bought Shon Harris' CISSP book about a month before I was scheduled to take the CISSP exam. I read it cover to cover in my free time (evenings mostly) during the next few weeks. Let me say up front here that I used no other reference material of any kind. The book covered areas of which I was both familiar and unfamiliar. The sections on the Orange Book and Common Criteria were entirely new to me. The sections on the OSI model and cryptography were not. Faithfully, I took each practice exam at the end of each chapter and scored an average of 92% throughout the book. Come exam day, I was pleasantly surprised to find that there were virtually no questions that the book did not cover. Yes the exam asked more questions in some areas than others, but the book did cover the material. I completed the exam in half the allotted time and walked out confident that I had passed (and easily). A few weeks later my suspicions were confirmed when I received my notification that I had passed. So what's it mean to you? To me, it means this book is capable of getting you a passing score on the CISSP exam. So, buy this book and read it cover to cover. If you find there are areas that you just don't get or can't absorb, then sure, find another source to fill in the blanks for you. Otherwise, go confidently into the exam room knowing you've done an appropriate amount of preparation and enjoy the experience!

I've read some reviews and they are very controversial, so if you feel you're getting confused read this. I've just got a confirmation that I passed the test, and I used only this book for studying. So that book is definitely not a joke and can get you through. Why the reviews are so different? First, the author's style. It's more like recorded lectures than a reference. The author included some jokes and funny examples. They are perfectly correct, not abusive, they add some spice to a highly professional text and I personally love them because they make reading that huge book not so boring, but looks like the fact the style is different drives some people mad. Second, the nature of the exam. The covered area is very wide and includes more topics than most people normally know and use. So many readers think the topics they know the best could be written better. The problem is because of so wide coverage you can not go deeper than a certain level. The book is almost 1000 pages long and I personally think it's well balanced and provides adequate knowledge for the test. Yes, some chapters could be extended but then you'd be overwhelmed by the volume and I doubt it would improve your passing score significantly. Some people complained about mistakes. Well, it's true, there are some. But, it's the same idea here. They are not crucial and don't really affect your score much. It's like if you need to get to the airport and your friend offers help you don't really care what car he has. But if you go to dealership to buy a car every minor option gets so important. Same idea here. If your goal is to pass the test, the book can be used as the only training material and provides adequate up-to-date information in a reasonable volume for a pretty cheap price. The book does its job and does it well. It also has some personality so you may love or hate it, but it's just your emotional perception. The knowledge is there.

I was really excited about this book, and despite reading some of the not-so-great reviews, I decided to buy it. All I can say now is that I'm glad the cost was reimbursed by my company. Did I pass the test? Yes - no problem. Did this book help? Somewhat, but not nearly as much as other tools I used. Here's why: - Tone and length. I have to agree with some of the other reviewers that the tone of this book is unbearably chatty. One thing that appealed to me about this book was its size - I figured I was getting a ton of information from such a large book. As it turns out, the size has more to do with the author's inability to be concise, not the unusual volume of information. The author also tends to go into detail in areas where it isn't entirely relevant. For example, in the Operations chapter, several pages are spent on how email works. Although securing email is a relevant operations function, and people should know generally how email works, it is largely outside the scope of the CISSP exam. - Level. Some of the analogies in this book are so basic as to be condescending. For example, in the Security Management chapter, the author likens a poor security structure to a house with a weak foundation, and actually includes a sketch of a house that has crumpled inward. Nevertheless, to sit for the exam, CISSP candidates have to be adults with a minimum of 3 years of industry experience. Although I think it's important to make the point that a sound security structure is vital to an organization, I don't think anyone really needs a picture of a crumbling house to get it. - Chapter study questions. At the end of each chapter is a set of study questions. Answers are given, but no explanation, so if you don't know why you got a question wrong, you're out of luck.